19. Which of the following ensures the successful completion of tasks in the development of business continuity and disaster recovery plans?
a. Defining individual roles
b. Defining operational activities
c. Assigning individual responsibility
d. Exacting individual accountability
19. d. It is important to ensure that individuals responsible for the various business continuity and contingency planning activities are held accountable for the successful completion of individual tasks and that the core business process owners are responsible and accountable for meeting the milestones for the development and testing of contingency plans for their core business processes.
20. Regarding contingency planning, strategic reasons for separating the alternative storage site from the primary storage site include ensuring:
1. Both sites are not susceptible to the same hazards.
2. Both sites are not colocated in the same area.
3. Both sites do not have the same recovery time objectives.
4. Both sites do not have the same recovery point objectives.
a. 1 and 2
b. 1, 2, and 3
c. 1, 2, and 4
d. 1, 2, 3, and 4
20. a. It is important to ensure that both sites (i.e., alternative storage site and primary storage site) are not susceptible to the same hazards, are not colocated in the same area, have the same recovery time objectives (RTOs), and have the same recovery point objectives (RPOs).
21. Regarding BCP and DRP, if MAO is maximum allowable outage, BIA is business impact analysis, RTO is recovery time objective, MTBF is mean-time-between-failures, RPO is recovery point objective, MTTR is mean-time-to-repair, and UPS is uninterruptible power supply, which one of the following choices contains items that are related to and compatible with each other?
a. MAO, BIA, RTO, and MTBF
b. BIA, RTO, RPO, and MAO
c. MAO, MTTR, RPO, and UPS
d. MAO, MTBF, MTTR, and UPS
21. b. A business impact analysis (BIA) is conducted by identifying a system’s critical resources. Two critical resource measures in BIA include recovery time objective (RTO) and recovery point objective (RPO). The impact in BIA is expressed in terms of maximum allowable outage (MAO). Hence, BIA, RTO, RPO, and MAO are related to and compatible with each other. MTBF is mean-time-between-failures, MTTR is mean-time-to-repair, and UPS is uninterruptible power supply, and they have no relation to BIA, RTO, RPO, and MAO because MAO deals with maximum time, whereas MTTF and MTTR deal with mean time (i.e., average time).
22. Regarding contingency planning, system-level information backups do not require which of the following to protect their integrity while in storage?
a. Passwords
b. Digital signatures
c. Encryption
d. Cryptographic hashes
22. a. Backups are performed at the user level and the system level, where the latter contains an operating system, application software, and software licenses. Only user-level information backups require passwords. System-level information backups require controls such as digital signatures, encryption, and cryptographic hashes to protect their integrity.
23. Which of the following is an operational control and is a prerequisite to developing a disaster recovery plan?
a. System backups
b. Business impact analysis
c. Cost-benefit analysis
d. Risk analysis
23. a. System backups provide the necessary data files and programs to recover from a disaster and to reconstruct a database from the point of failure. System backups are operational controls, whereas the items mentioned in the other choices come under management controls and are analytical in nature.
24. Which of the following is a critical benefit of implementing an electronic vaulting program?
a. It supports unattended computer center operations or automation.
b. During a crisis situation, an electronic vault can make the difference between an organization’s survival and failure.
c. It reduces required backup storage space.
d. It provides faster storage data retrieval.